Eric on 27 Apr 2010 18:24:12 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Denial of Service in Apache log?

I see the following request in the apache access log for a web site that I'm
working on: - - [27/Apr/2010:13:51:09 -0400] "GET /images/greenEdge_05.png
HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; MS-RTC LM 8; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"

So far so good... it's a 304 indicating the image file "greenEdge_05.png" has
not changed.

Weirdness alert!!!.....
There are 8788 of these requests from the same IP address in the space of about
1140 seconds.

I see identical blocks of thousands of requests for the same greenEdge_05.png
file from other (random?) IPs - perhaps once or twice a day.

I have a hard time believing that some part of the html/css/javascript is
causing this. (I did not write said html/css/javascript BTW.)

Is this some kind of stupid DOS attack?
Is there a way to tell Apache to stop answering after the first few hundred
repeated requests in a minute?  :-)

#  Eric Lucas
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --